2022-04-24 07:25:04 +00:00
|
|
|
/*
|
|
|
|
Copyright 2022 CAcert Inc.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2022-04-19 14:48:32 +00:00
|
|
|
package hsm
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2022-04-24 07:25:04 +00:00
|
|
|
"errors"
|
2022-05-01 10:36:17 +00:00
|
|
|
"fmt"
|
2022-04-19 14:48:32 +00:00
|
|
|
|
|
|
|
"github.com/ThalesIgnite/crypto11"
|
|
|
|
|
|
|
|
"git.cacert.org/cacert-gosigner/pkg/config"
|
|
|
|
)
|
|
|
|
|
|
|
|
type ctxKey int
|
|
|
|
|
|
|
|
const (
|
2022-05-01 10:36:17 +00:00
|
|
|
ctxCADirectory ctxKey = iota
|
|
|
|
ctxP11Contexts
|
2022-04-19 14:48:32 +00:00
|
|
|
ctxSetupMode
|
|
|
|
ctxSignerConfig
|
2022-04-20 07:03:26 +00:00
|
|
|
ctxVerboseLogging
|
2022-04-19 14:48:32 +00:00
|
|
|
)
|
|
|
|
|
2022-04-20 07:03:26 +00:00
|
|
|
type ConfigOption func(ctx context.Context) context.Context
|
|
|
|
|
2022-05-01 10:36:17 +00:00
|
|
|
func CADirectoryOption(path string) func(ctx context.Context) context.Context {
|
|
|
|
return func(ctx context.Context) context.Context {
|
|
|
|
return context.WithValue(ctx, ctxCADirectory, path)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-20 07:03:26 +00:00
|
|
|
func CaConfigOption(signerConfig *config.SignerConfig) func(context.Context) context.Context {
|
|
|
|
return func(ctx context.Context) context.Context {
|
|
|
|
return context.WithValue(ctx, ctxSignerConfig, signerConfig)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func SetupModeOption() func(context.Context) context.Context {
|
|
|
|
return func(ctx context.Context) context.Context {
|
|
|
|
return context.WithValue(ctx, ctxSetupMode, true)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func VerboseLoggingOption() func(ctx context.Context) context.Context {
|
|
|
|
return func(ctx context.Context) context.Context {
|
|
|
|
return context.WithValue(ctx, ctxVerboseLogging, true)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-19 14:48:32 +00:00
|
|
|
// SetupContext sets global context for HSM operations.
|
2022-04-20 07:03:26 +00:00
|
|
|
func SetupContext(options ...ConfigOption) context.Context {
|
2022-04-19 14:48:32 +00:00
|
|
|
ctx := context.Background()
|
|
|
|
|
|
|
|
ctx = context.WithValue(ctx, ctxP11Contexts, make(map[string]*crypto11.Context))
|
2022-04-20 07:03:26 +00:00
|
|
|
|
|
|
|
for _, opt := range options {
|
|
|
|
ctx = opt(ctx)
|
|
|
|
}
|
2022-04-19 14:48:32 +00:00
|
|
|
|
|
|
|
return ctx
|
|
|
|
}
|
|
|
|
|
|
|
|
func GetSignerConfig(ctx context.Context) *config.SignerConfig {
|
2022-04-20 07:03:26 +00:00
|
|
|
signerConfig, ok := ctx.Value(ctxSignerConfig).(*config.SignerConfig)
|
|
|
|
if !ok {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return signerConfig
|
2022-04-19 14:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func IsSetupMode(ctx context.Context) bool {
|
2022-04-20 07:03:26 +00:00
|
|
|
setupMode, ok := ctx.Value(ctxSetupMode).(bool)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return setupMode
|
|
|
|
}
|
|
|
|
|
|
|
|
func IsVerbose(ctx context.Context) bool {
|
|
|
|
verbose, ok := ctx.Value(ctxVerboseLogging).(bool)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return verbose
|
2022-04-19 14:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func GetP11Context(ctx context.Context, entry *config.CaCertificateEntry) (*crypto11.Context, error) {
|
2022-04-24 07:25:04 +00:00
|
|
|
contexts, ok := ctx.Value(ctxP11Contexts).(map[string]*crypto11.Context)
|
|
|
|
if !ok {
|
2022-04-24 12:05:46 +00:00
|
|
|
return nil, errors.New("type assertion failed, use hsm.SetupContext first")
|
2022-04-24 07:25:04 +00:00
|
|
|
}
|
2022-04-19 14:48:32 +00:00
|
|
|
|
|
|
|
if p11Context, ok := contexts[entry.Storage]; ok {
|
|
|
|
return p11Context, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
p11Context, err := prepareCrypto11Context(ctx, entry.Storage)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
contexts[entry.Storage] = p11Context
|
|
|
|
|
|
|
|
return p11Context, nil
|
|
|
|
}
|
2022-05-01 10:36:17 +00:00
|
|
|
|
|
|
|
func CloseP11Contexts(ctx context.Context) error {
|
|
|
|
contexts, ok := ctx.Value(ctxP11Contexts).(map[string]*crypto11.Context)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("type assertion failed, use hsm.SetupContext first")
|
|
|
|
}
|
|
|
|
|
|
|
|
seen := make(map[*crypto11.Context]struct{}, 0)
|
|
|
|
|
|
|
|
for _, p11Context := range contexts {
|
|
|
|
if _, ok := seen[p11Context]; ok {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
seen[p11Context] = struct{}{}
|
|
|
|
|
|
|
|
err := p11Context.Close()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not close context: %w", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|